IT Examiner School eBook May 2025

End of Core Analysis.

Institution Name: Click here to enter institution name Cert# Click here to enter cert number

Information Technology Risk Examination

Preparer: Click here to enter preparer name Start Date: Click here to select a start date.

Management

Core Analysis Decision Factors

Note: refer to the applicable FFIEC IT Examination Handbooks if additional analysis is necessary to complete this module. Decision Factors – Management M.1. The level and quality of oversight and support of IT activities by the Board of Directors and management. ▼ Procedures #1-3 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ M.2. The ability of management to provide information reports necessary for informed planning and decision making in an effective and efficient manner. ▼ Procedure #4 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ M.3. The adequacy of, and conformance with, internal policies and controls addressing IT operations and risks of significant business activities. ▼ Procedure #5-6 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐ M.4. The level of awareness of and compliance with laws and regulations. ▼ Procedures #7-11 Click here to enter comment Strong ☐ Satisfactory ☐ Less than satisfactory ☐ Deficient ☐ Critically deficient ☐

Page: 10

InTREx – Management IT Risk Examination Modules - July 2016